CVE-2026-1843
Stored XSS in Super Page Cache WordPress Plugin Activity Log
Publication date: 2026-02-14
Last updated on: 2026-02-14
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | super_page_cache | to 5.2.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The Super Page Cache plugin for WordPress has a Stored Cross-Site Scripting (XSS) vulnerability in all versions up to and including 5.2.2. This vulnerability arises because the plugin does not properly sanitize input or escape output in the Activity Log feature. As a result, an unauthenticated attacker can inject malicious web scripts that execute whenever a user views the affected page.
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute arbitrary scripts in the context of users visiting the infected pages. This can lead to theft of sensitive information, session hijacking, defacement, or other malicious actions without requiring the attacker to be authenticated.
Additionally, the vulnerability has a CVSS v3.1 base score of 7.2, indicating a high severity with network attack vector, low attack complexity, no privileges or user interaction required, and impacts on confidentiality and integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves Stored Cross-Site Scripting (XSS) via the Activity Log in the Super Page Cache WordPress plugin up to version 5.2.2. Detection would involve checking for injected scripts in the Activity Log pages or monitoring HTTP responses for unexpected script content.
Since the vulnerability is related to insufficient input sanitization and output escaping, you can inspect the Activity Log pages for suspicious script tags or payloads.
Commands to help detect this might include:
- Using curl or wget to fetch the Activity Log page and grep for suspicious script tags, e.g.: `curl -s http://yourwordpresssite.com/wp-admin/admin.php?page=super_page_cache_activity_log | grep '<script>'`
- Using browser developer tools to inspect the Activity Log page for unexpected scripts.
- Checking web server logs for unusual requests or payloads that might indicate attempts to inject scripts.
Note that no specific detection commands or tools are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the Super Page Cache plugin to version 5.2.3 or later, which includes security enhancements addressing this vulnerability.
The update prevents caching and serving of HTTP error responses (status codes 400-599), which helps mitigate risks related to exposing error pages via cache.
Additionally, applying the recommended Nginx configuration changes to properly manage cache-control headers will improve security and performance.
- Update the plugin to version 5.2.3 or newer.
- Implement the Nginx cache-control header rules as guided in the plugin UI or documentation.
- Avoid serving cached pages when HTTP response status codes indicate errors (4xx or 5xx).